Privacy Notice

This policy (together with our terms of use and any other documents referred to in it) describes how we collect and use your personal data during your use of the Gardens, Libraries & Museums website and GLAM microsites in accordance with the General Data Protection Regulation (GDPR) and implementing national legislation.

How we use your data

We will use your data that you have provided to us to help shape future exhibitions at our gardens, libraries and/or museums.

We are processing your data for this purpose only because you have given us your consent to do so, by providing your email. You can withdraw your consent at any time by contacting us at  ​​​​​ In this event, we will stop the processing as soon as we can.  However, this will not affect the lawfulness of any processing carried out before your withdrawal of consent.

We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.

Who has access to your data?

Access to your data within the University will be provided only to those who need to view it as part of their work.

We may share your data with companies who provide services to us, such as research consultants who run the focus groups. These companies are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.

Where we share your data with a third party, we will seek to share the minimum amount necessary.

Third party websites

Our website contains links to and from various third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.


Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

External Advertising

Where comments have been left about our exhibitions, these may go on to feature in external advertising campaigns as examples of the work that we are doing and the impact that it has on our visitors. These will never identify individuals who have contributed without seeking their express permission.

Retaining your data

We will only retain your data for as long as we need it to fulfil our purposes, including any relating to legal, accounting, or reporting requirements. For instance in the case of competition winners and published material this will be kept indefinitely however for data collected for gift aid this will be deleted within seven years. If you have signed up to a mailing list, we will retain your data until you unsubscribe or ask us to change it or delete it.


Your data will be held securely in accordance with the University’s policies and procedures. Further information is available on the University’s Information Security website.

Where we store and use your data

We store and use your data on University premises, in electronic form. Where this has been collected in paper format, it will be transferred to the electronic medium before the paper copy is shredded. 

Electronic data may be transferred to, and stored at a destination outside the European Economic Area ("EEA"), for example, when we communicate with you using a cloud based service provider that operates outside the EEA such as MailChimp.

Such transfers will only take place if one of the following applies:

  • the country receiving the data is considered by the EU to provide an adequate level of data protection;
  • the organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection e.g. transfers to companies that are certified under the EU US Privacy Shield;
  • the transfer is governed by approved contractual clauses;
  • the transfer has your consent;
  • the transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract; or
  • the transfer is necessary for the performance of a contract with another person, which is in your interests.

Your rights

Information on your rights in relation to your personal data can be found on the University's Individual Rights webpage. 


If you wish to raise any queries or concerns about our use of your data, please contact us at

*The University’s legal title is the Chancellor, Masters and Scholars of the University of Oxford